vCloud Director 5.1.1 installation environment: RHEL 6.2
Contents of /etc/sysconfig/iptables:
# Generated by iptables-save v1.4.7 on Tue Mar 26 15:52:56 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#Simple
# Begin listing vCloud Director Ports Needed
# vCloud WebServices & vCenter/ESX Connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# vCloud Optional
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# SSH
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# vCloud Remote Console
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 903 -j ACCEPT
#NFS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --sport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --sport 920 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --sport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
#DNS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
#NTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
#LDAP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 389 -j ACCEPT
#SMTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 25 -j ACCEPT
#Syslog
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
#vCenter & ESX
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 903 -j ACCEPT
#Default Microsoft SQL Connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1433 -j ACCEPT
#Default Oracle Port Connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
#AMQP Messaging (if Server exists)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5672 -j ACCEPT
#ActiveMQ
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 61611 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 61616 -j ACCEPT
# End listing vCloud Director Ports Needed
COMMIT
# Completed on Tue Mar 26 15:52:56 2013
Configuration file explained:
# Generated by iptables-save v1.4.7 on Tue Mar 26 15:52:56 2013
# Comment line
*filter
# Use the filter table
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
# The four lines above declare the built-in INPUT, FORWARD and OUTPUT chains (each with a default policy of DROP) and create a new chain named RH-Firewall-1-INPUT.
-A INPUT -j RH-Firewall-1-INPUT
# The rule above is appended to the INPUT chain; every packet arriving on the INPUT chain jumps to the RH-Firewall-1-INPUT chain.
-A FORWARD -j RH-Firewall-1-INPUT
# The rule above is appended to the FORWARD chain; every packet arriving on the FORWARD chain jumps to the RH-Firewall-1-INPUT chain.
-A OUTPUT -j RH-Firewall-1-INPUT
# The rule above is appended to the OUTPUT chain; every packet arriving on the OUTPUT chain jumps to the RH-Firewall-1-INPUT chain.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# The rule above is appended to the RH-Firewall-1-INPUT chain. It matches every packet whose inbound interface (-i) is the loopback interface (lo); matching packets are accepted (ACCEPT) and are not compared against any further rules.
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
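# The rule above allows all ICMP packets. -p is followed by the protocol, e.g. icmp, tcp or udp; ports are given after -p, with --sport for the source port and --dport for the destination port; -j specifies the action taken on a matching packet, e.g. ACCEPT, DROP or QUEUE.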
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# -m state --state ESTABLISHED,RELATED: this condition means every packet in the ESTABLISHED or RELATED state is accepted.
-A RH-Firewall-1-INPUT -m state --state NEW
# -A RH-Firewall-1-INPUT -m state --state NEW: this condition sets the policy for a connection in its initial (NEW) state.
For the other rules, see the comments in the file.
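
An added example (not part of the original post): a small Python parser for the iptables-save format above that lists the ports opened by ACCEPT rules, flags rules that match only on --sport (combined with --state NEW they accept new traffic to any destination port), and reports duplicates such as the repeated 902/903 entries. The SAMPLE rules are constructed in the same form as the listing, and the function names are hypothetical.

```python
import shlex
from collections import Counter

# Constructed sample in the same form as the listing above (not the full file).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --sport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 902 -j ACCEPT
COMMIT
"""

# Options explained in the walkthrough, mapped to field names used below.
OPTS = {"-p": "proto", "--sport": "sport", "--dport": "dport",
        "--state": "state", "-j": "target"}

def parse_rules(text):
    """Return one dict per '-A' rule; comment, table and policy lines are skipped."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # '#' lines become []
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = dict.fromkeys(OPTS.values())
        rule["chain"] = tok[1]
        for i, t in enumerate(tok[2:-1], start=2):
            if t in OPTS:
                rule[OPTS[t]] = tok[i + 1]
        rules.append(rule)
    return rules

def audit(text):
    """Return (open_ports, sport_only, duplicates) for the ACCEPT rules."""
    accepts = [r for r in parse_rules(text) if r["target"] == "ACCEPT"]
    with_dport = [(r["proto"], int(r["dport"])) for r in accepts if r["dport"]]
    # Source-port-only match: the destination port is not restricted at all.
    sport_only = [(r["proto"], int(r["sport"])) for r in accepts
                  if r["sport"] and not r["dport"]]
    duplicates = sorted(k for k, n in Counter(with_dport).items() if n > 1)
    return sorted(set(with_dport)), sport_only, duplicates

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To audit a real host, pass the contents of /etc/sysconfig/iptables to audit() instead of SAMPLE.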